Re: DragonFly Security Officer and Security Team

On Wed, Nov 17, 2004 at 05:25:34PM +0100, Devon H. O'Dell wrote:
> Hello all,
>
> ``Who can act as a security officer and participate in a security team
> for our project?''
I can run for this election, since I am just in school these days I usually have
enough time, and I have access to the internet even when I am at school.
Man, I almost feel like writing a resume. :-)
>
[ ... ]
>
> Unfortunately, obscurity is critical when a vulnerability is discovered.
> As it stands, it is difficult to find anybody to contact privately when
> such a matter is revealed. It may or may not be obvious to some who the
> head developers of the project are and it may or may not be obvious
> whether or not they have time to deal with the issue.
I agree, we have grow a lot this last year, and having a secure place to pass on
security issues will become just increasingly important.
>
[ ... ]
>
> I hope we can get something worked out with this.
We always do.
I think there should be at least for starters a team of two people. At least for
the moment. These people should at least in my opinion be persons that are
already commiters. I can think of several people with commit access I believe
would be good for the job. I think the biggest problem with most people are time
constraints, but I guess those who want to be a part of the security team will
step up and say so for them self.
--
Eirik Nygaard